What is sideloading?
Sideloading is the process of installing an application onto a mobile device without using the device’s official app store or marketplace. Users transfer files between two devices, such as a computer and a mobile device, or install software packages –– usually an application file or Android Package Kit (APK) for Android devices –– from a website or other unofficial source and manually install it onto their device. Sideloading allows users to access more mobile apps than are officially available on the app store, but it poses risks, as sideloaded apps are not screened for malware and can lead to security breaches.
How do users sideload apps?
The method of sideloading varies across platforms, and while it’s relatively straightforward on some devices, it requires additional steps or even jailbreaking on others. On Windows computers, for example, users can sideload files from one device to another via a cable or memory card. Sideloading is typically associated with Android devices as the operating system provides more flexibility in installing software from sources other than the Google Play Store. To enable app sideloading, Android users simply check a box in security settings to allow installs from “unknown sources” and download the application file to their device. On iOS devices, including iPhones and iPads, it’s more complex and usually requires third-party app stores or tools.
What are the risks of sideloading?
Sideloading allows users to download apps not available on official app stores, like custom-developed Android or iOS apps, beta versions, or apps removed or banned from app stores. However, sideloading apps can be dangerous, putting users at risk of:
- Malware infection: As sanctioned app stores do not screen them, sideloaded apps may contain malware, leading to data breaches and other security risks.
- Security vulnerabilities: Sideloaded apps can introduce security vulnerabilities to a device, which is why many device manufacturers or operating systems restrict the practice.
- Lack of updates: Sideloaded apps may not receive regular updates, leaving them vulnerable to cyberattacks.
- Privacy risks: Some sideloaded apps request unnecessary permissions or access to user data without appropriate controls and oversight.
- Fraud: As they’re often unregulated, sideloaded apps can include fraudulent versions of legitimate apps, exposing users to legal risks.
How do Apple’s January 2024 changes to iOS, Safari, and the App Store in the European Union impact sideloading?
In response to the Digital Markets Act (DMA), Apple’s recent update in the EU allows for app sideloading with some restrictions. Effective with the beta rollout of iOS 17.4, the update permits sideloading but mandates a “Notarization” process, which involves a combination of automated checks and human review. Apple also announced a “Core Technology Fee” of €0.50 for each first annual install per year over a one million threshold, regardless of whether the apps were sideloaded or downloaded from the Apple App Store. This fee is intended to discourage the use of alternative app stores. Although these changes comply with the DMA’s requirements, Apple has expressed concerns about the potential privacy and security risks for users. Apple is also urging developers to continue distributing apps through the App Store rather than alternative methods, stating that these solutions help mitigate some of the security risks created by the DMA.